| Max CVSS | 7.5 | Min CVSS | 4.3 | Total Count | 2 |
| ID | CVSS | Summary | Last (major) update | Published | |
| CVE-2006-7228 | 6.8 |
Integer overflow in Perl-Compatible Regular Expression (PCRE) library before 6.7 might allow context-dependent attackers to execute arbitrary code via a regular expression that involves large (1) min, (2) max, or (3) duplength values that cause an in
|
13-02-2023 - 02:17 | 14-11-2007 - 21:46 | |
| CVE-2006-7227 | 6.8 |
Integer overflow in Perl-Compatible Regular Expression (PCRE) library before 6.7 allows context-dependent attackers to execute arbitrary code via a regular expression containing a large number of named subpatterns (name_count) or long subpattern name
|
13-02-2023 - 02:17 | 14-11-2007 - 21:46 | |
| CVE-2007-2872 | 6.8 |
Multiple integer overflows in the chunk_split function in PHP 5 before 5.2.3 and PHP 4 before 4.4.8 allow remote attackers to cause a denial of service (crash) or execute arbitrary code via the (1) chunks, (2) srclen, and (3) chunklen arguments.
|
13-02-2023 - 02:17 | 04-06-2007 - 17:30 | |
| CVE-2005-4872 | 4.3 |
Perl-Compatible Regular Expression (PCRE) library before 6.2 does not properly count the number of named capturing subpatterns, which allows context-dependent attackers to cause a denial of service (crash) via a regular expression with a large number
|
13-02-2023 - 02:16 | 31-12-2005 - 05:00 | |
| CVE-2007-3998 | 5.0 |
The wordwrap function in PHP 4 before 4.4.8, and PHP 5 before 5.2.4, does not properly use the breakcharlen variable, which allows remote attackers to cause a denial of service (divide-by-zero error and application crash, or infinite loop) via certai
|
26-10-2018 - 13:59 | 04-09-2007 - 18:17 | |
| CVE-2007-1660 | 6.8 |
Perl-Compatible Regular Expression (PCRE) library before 7.0 does not properly calculate sizes for unspecified "multiple forms of character class", which triggers a buffer overflow that allows context-dependent attackers to cause a denial of service
|
16-10-2018 - 16:39 | 07-11-2007 - 23:46 | |
| CVE-2007-1659 | 6.8 |
Perl-Compatible Regular Expression (PCRE) library before 7.3 allows context-dependent attackers to cause a denial of service (crash) and possibly execute arbitrary code via regex patterns containing unmatched "\Q\E" sequences with orphan "\E" codes.
|
16-10-2018 - 16:39 | 07-11-2007 - 23:46 | |
| CVE-2007-5898 | 6.4 |
The (1) htmlentities and (2) htmlspecialchars functions in PHP before 5.2.5 accept partial multibyte sequences, which has unknown impact and attack vectors, a different issue than CVE-2006-5465.
|
15-10-2018 - 21:46 | 20-11-2007 - 18:46 | |
| CVE-2007-4782 | 5.0 |
PHP before 5.2.3 allows context-dependent attackers to cause a denial of service (application crash) via (1) a long string in the pattern parameter to the glob function; or (2) a long string in the string parameter to the fnmatch function, accompanie
|
15-10-2018 - 21:38 | 10-09-2007 - 21:17 | |
| CVE-2007-4840 | 5.0 |
PHP 5.2.4 and earlier allows context-dependent attackers to cause a denial of service (application crash) via (1) a long string in the out_charset parameter to the iconv function; or a long string in the charset parameter to the (2) iconv_mime_decode
|
15-10-2018 - 21:38 | 12-09-2007 - 20:17 | |
| CVE-2007-4784 | 5.0 |
The setlocale function in PHP before 5.2.4 allows context-dependent attackers to cause a denial of service (application crash) via a long string in the locale parameter. NOTE: this might not be a vulnerability in most web server environments that su
|
15-10-2018 - 21:38 | 10-09-2007 - 21:17 | |
| CVE-2007-4825 | 7.5 |
Directory traversal vulnerability in PHP 5.2.4 and earlier allows attackers to bypass open_basedir restrictions and possibly execute arbitrary code via a .. (dot dot) in the dl function.
|
15-10-2018 - 21:38 | 12-09-2007 - 01:17 | |
| CVE-2007-4661 | 7.5 |
The chunk_split function in string.c in PHP 5.2.3 does not properly calculate the needed buffer size due to precision loss when performing integer arithmetic with floating point numbers, which has unknown attack vectors and impact, possibly resulting
|
03-10-2018 - 21:48 | 04-09-2007 - 22:17 | |
| CVE-2007-4658 | 7.5 |
The money_format function in PHP 5 before 5.2.4, and PHP 4 before 4.4.8, permits multiple (1) %i and (2) %n tokens, which has unknown impact and attack vectors, possibly related to a format string vulnerability.
|
03-10-2018 - 21:48 | 04-09-2007 - 22:17 | |
| CVE-2006-7226 | 4.3 |
Perl-Compatible Regular Expression (PCRE) library before 6.7 does not properly calculate the compiled memory allocation for regular expressions that involve a quantified "subpattern containing a named recursion or subroutine reference," which allows
|
11-10-2017 - 01:31 | 03-12-2007 - 20:46 | |
| CVE-2006-7230 | 4.3 |
Perl-Compatible Regular Expression (PCRE) library before 7.0 does not properly calculate the amount of memory needed for a compiled regular expression pattern when the (1) -x or (2) -i UTF-8 options change within the pattern, which allows context-dep
|
11-10-2017 - 01:31 | 15-11-2007 - 19:46 | |
| CVE-2006-7225 | 4.3 |
Perl-Compatible Regular Expression (PCRE) library before 6.7 allows context-dependent attackers to cause a denial of service (error or crash) via a regular expression that involves a "malformed POSIX character class", as demonstrated via an invalid c
|
11-10-2017 - 01:31 | 03-12-2007 - 20:46 | |
| CVE-2007-3996 | 6.8 |
Multiple integer overflows in libgd in PHP before 5.2.4 allow remote attackers to cause a denial of service (application crash) and possibly execute arbitrary code via a large (1) srcW or (2) srcH value to the (a) gdImageCopyResized function, or a la
|
29-09-2017 - 01:29 | 04-09-2007 - 18:17 |